Impact of DCOM

Last Updated: June 07, 2022

In the Windows update to be released on June 14, 2022 (*1), the setting to enable hardening the DCOM server’s authentication level is expected to become the default setting. However, with the application of the Windows update, there is a possibility of unintended behavior (e.g., inability to communicate etc.) in products that use DCOM technology. Whether or not there is any impact on the behavior of each product, precautions, workarounds, and future actions will be provided as they become available.

*1 This is one of a series of Windows updates that Microsoft is releasing in response to the DCOM vulnerability in Windows that was disclosed as CVE-2021-26414. Initially, a Windows update was scheduled to be released on March 8, 2022, which enable by default the setting to enable hardening the DCOM server’s authentication level. Later, Microsoft has announced that the release date has been postponed.

 

Investigation results of the target products

Behaviors of DCOM function of the following products are not affected if the Windows update program was applied.

  • PRM Commissioning Support Package (PRM CSP)
  • FieldMate Validator
  • Dual-redundant Platform for Computer
  • Virtualization Platform
  • VTSPortal
  • STARDOM
  • OpreX Integrated Recipe Manager (IRM)
  • Mirror Plant

Behaviors of DCOM function of the following products could be affected if the Windows update program was applied. As soon as the Windows update (June 14, 2022) is issued, we will investigate and publish the results of the investigation and workaround. Please do not apply any Windows updates released on or after June 14, 2022 until the results of the investigation are available. This notice will be updated on July 12, 2022 after we investigate the impact of the Windows update (June 14, 2022) on each product.
It is confirmed that after applying the Windows update released on or after September 14, 2021, error events (ID=10036, 10037, 10038) related to this issue are recorded in the Windows event log. We are investigating how to suppress the error events. Information related to this issue will be released as soon as the investigation is completed.

  • CENTUM VP
  • ProSafe-RS、ProSafe-RS Lite
  • Exaopc
  • Exaquantum
  • Exaquantum/Batch
  • Exaquantum Applications
  • Exaplog
  • Plant Resource Manager (PRM)
  • Insight Suite AE (ISAE)
  • Collaborative Information Server (CI Server)
  • FAST/TOOLS

 

Notes

  • The contents of this website is limited to Yokogawa products. Customers are requested to investigate the impact on products other than Yokogawa products.
  • Windows 7, Windows Server 2008, etc., which are supported by Extended Security Updates (ESU) are not included in the above survey.
  • Any changes in the information of each product will be announced on this website.
  • Every month, Yokogawa check the behavior of the combination of Yokogawa's control system products with Microsoft product updates and provide the results as an End Point Security service on our members-only Web page. We hope you will take this opportunity to consider signing up for this service.

 

Windows updates related to this notice

Windows updates (September 14, 2021) 

  • Windows 10 LTSB 2016/Server 2016:KB5005573
  • Windows 10 LTSC 2019/Server 2019:KB5005568
  • Windows 8.1/Server 2012 R2:KB5005613
  • Windows Server 2012:KB5005623

 

Reference information

The detail information related to this DCOM issue is shown on the below Web site.

¿En busca de información adicional sobre Yokogawa Iberia, tecnología y soluciones?

Contáctenos

Top